Category Archives: Tor Browser

In brief

Brave, a Chromium-based, privacy-first browser that integrates the anonymous Tor web browser, has been leaking private .onion addresses to domain name system providers.

Tor obscures users web browsing activity by bouncing web traffic across a global network of relays. That makes it near-impossible to trace a users web history, making the browser a perfect home for anyone in need of privacy: mostly activists, dark web drug barons and hackers.

But the bug, addressed in a beta and soon-to-be-fixed in a hotfix, leaked all that private information to DNS providers, meaning that internet companies could snoop on their users Tor activity.

This is because Brave, which integrated Tor in 2018, is a Chromium-based browser, meaning it uses the same architecture as Firefox and Google Chrome. This issue has plagued Chromium-based browsers for over a decade and has been found on Brave as far back as 2019.

Braves bug was raised on January 21 after a Hacker One report unearthed the issue. It was resolved, then added to the Nightly version two weeks ago. Nightly is a developer's version of Brave that updates each day.

However, since the bug blew up on Reddit and Twitter today, Brave is bumping it up to the official version.

Brave never professed to be as private as Tor. Brave with Tor does not provide the same level of Privacy as the Tor browser, if your life depends on remaining anonymous, use the Tor browser, said Ryan Watson, Braves VP of IT, two years ago on Reddit.

Tor is more secure because it scrubs digital fingerprints used to identify computers, wrote Watson. Fingerprinting works by hiding in the crowd of other browsers, by using Tor in Brave you have a slightly more unique fingerprint than with Tor browser. Thus making you less anonymous.

He added: [Tors community] also develop and know about security issues before anyone else, so they get the patches first and they make their way downstream to other apps.

Brave has been in hot water for betraying user trust in the past. It redirected some crypto-related search queries to affiliate links, from which it earned kickbacks. It's not great, and sorry again. I'm sad about it, too, tweeted Brendan Eich, the companys fiery CEO after the scheme was unearthed. The bug, however, appears to be an error in code, rather than in judgment.

Read the original post:
Brave Is Leaking Browsing History From Anonymous Tor Browser - Decrypt

Tor is an "onion-routing" network that protects your privacy online.

If you're new to internet privacy and security, you've still probably already read references to something called Tor -- a widely hailed piece of internet-connected software with its own internet browser. Tor is embraced by privacy aficionados for its reliable encryption and its history of covering users' internet tracks.

At first glance, the terminology around Tor can seem intimidating and alien. Don't worry, though. It's simpler than it seems.

Learn smart gadget and internet tips and tricks with CNET's How To newsletter.

Here's everything you need to know about Tor.

Read more: The best VPN service for 2021

Back in the mid-'90s, when the US Navy was looking into ways to securely communicate sensitive intelligence information, a mathematician and two computer scientists emerged from the Naval Research Lab with something called "onion routing." It was a new kind of technology that would protect your internet traffic with layers of privacy. By 2003, The Onion Routing project, acronymed Tor, was in the hands of the public, where its vast network of users -- the engine enabling Tor -- has since continued to grow.

Today, thousands of volunteers all over the world are connecting their computers to the internet to create the Tor network by becoming "nodes" or "relays" for your internet traffic.

At a basic level, Tor is a type of internet-connected network with its own internet browser. Once you connect to the internet with the Tor browser, your internet traffic is stripped of its first layer of identifying information as it enters the Tor network, and is then sent bouncing through those relay nodes, which serve to encrypt and privatize your data, layer by layer -- like an onion. Finally, your traffic hits an exit node and leaves the Tor network for the open web.

Once you're in the Tor network, it's nearly impossible for others to track your traffic's manic pinballing path across the globe. And once you leave the Tor network via an exit node, the website you view (assuming it has HTTPS in front of its address) isn't sure which part of the world you're hailing from, offering you more privacy and protection.

Read more: The best antivirus protection of 2021 for Windows 10

Normal web browsing is easy with Tor. Head to the official site and download the Tor browser. Follow the installation instructions as you would with any other program. When you open Tor for the first time, the program will ask you to either configure your connection (if you're in a country where Tor has been banned, like China or Saudi Arabia) or simply connect. Once you click connect, Tor may take a few minutes to find a set of relays to connect you through.

But once you're in, you can use Tor just as you would any other browser. You'll also be prompted to review your Tor browser security settings. If you're aiming for maximum privacy, I'd advise leaving the settings on their default selections.

If you start experiencing slower-than-normal speeds, you can nudge Tor into action by checking for a quicker connection path to the website you're trying to view. In the top right corner of the Tor browser, click the three-line menu icon and select New Tor Circuit for this Site.

The privacy-focused Brave browser also has an option to route traffic through Tor when inside a private window.

Read more:Best iPhone VPNs of 2021

Now playing: Watch this: Brave browser gets more private with Tor

1:32

Because Tor is a volunteer-run network, speed can often be an issue. As your traffic moves from node to node, you're likely to notice more speed loss than you would, for instance, with most commercial virtual private networks. This becomes particularly noticeable if you try to watch streaming Netflix content over Tor or make voice-over-IP phone calls or video calls with an app like Zoom. Tor technology isn't necessarily built to provide seamless audio-video experiences.

Speaking of videos, there are also limits to the amount of privacy Tor can offer you if you enable certain browser media plugins like Flash. Likewise, your browser's JavaScript plug-in -- which enables you to view a lot of websites' embedded media -- can still leak your IP address information. Torrenting files with Tor also exposes you to privacy risks. Because of these risks, Tor's privacy settings have these kinds of plug-ins disabled by default.

If you're just looking to do general, daily internet perusal using a browser that will better hide your traffic from spying eyes, Tor probably isn't the best choice due to its slow speeds and incompatibility with most embedded media. But if you're concerned enough about privacy around a particular topic of internet research (and you don't have a VPN), Tor is probably the best choice for you.

In some cases, yes. Most of the time, however, it takes some know-how to be able to configure your VPN's connection to work in harmony with Tor. If you don't get it right, you can risk making both Tor and your VPN ineffective when it comes to protecting your privacy. We recommend getting familiar with both types of software before marrying the two.

On the plus side, however, a successful combination of the two can be useful. While Tor protects your internet traffic, your VPN can be set to encrypt the internet traffic of any other applications running on your device in the background.

To investigate VPNs further, check out our beginner-friendly guide to all the VPN terms you need to know and our directory of the best VPNs of 2021.

Now playing: Watch this: Top 5 reasons to use a VPN

2:42

View post:
Tor browser FAQ: What is it and how does it protect your privacy? - CNET

Among the popular online threats, cross-site scripting is one of the classic Web application security vulnerabilities, which is majorly used to gain unauthorised access. Cross-site scripting also known as XSS allows attackers to compromise the interactions of a user with a target vulnerable application.

Though it is one of the common threats, it can allow cyber criminals to wreak havoc on their victims. Under Google's Vulnerability Reward Programs (VRP), a security researcher named Shachar found an XSS bug in Google Maps, which reportedly landed him a total reward of US$10 000. Using the bug, an attacker could have gained access to a users interactions with Google Maps ones travel history and searches if not the access to ones Google account. Thankfully, many companies are working to minimise online threats, and Google and Mozilla are the prime organisations aiming for a more secure Web experience for all.

What is cross-site scripting (XSS)?

In a cross-site scripting attack, an attacker usually masks himself as a victim user to access the users data or carry out unauthorised actions on the users behalf. For example, if the victim user has admin privileges within an application, the attacker might gain complete control over the application, including its data. Or, if the target application is a banking or financial application and the victim user has some funds, the attacker might transfer funds to his account. That is, a cross-site scripting attack allows attackers to perform as much damage as the functionality of the target application and the privileges of the victim user.

In a nutshell, a cross-site scripting attack is mostly executed by manipulating a vulnerable Web site into returning malicious or malformed code to the victim user. When this malicious code runs inside the victims Web browser, the attacker gets full control of the victim users interactions with the target application. This malicious code can come from multiple sources, thus there are three types of cross-site scripting attacks. The first type is called Reflected XSS, wherein the code comes from the current request. The second type is called Stored XSS, wherein the code comes from the Web sites database. The third and last type is called DOM-based XSS, wherein the attacker compromises the client-side code of the application. These types of cross-site scripting attacks only differ in their execution, but they all perform the same level of damage.

How Google and Mozilla are helping

Google and Mozilla are the creators of Blink and Gecko respectively the Web browser engines responsible for driving your experience on Google Chrome and Mozilla Firefox. That is not all, they power a lot more browsers and applications. For instance, Blink is the underlying engine in all Chromium-based browsers like the new Microsoft Edge, Brave, Opera and Vivaldi. Similarly, Gecko lives under the hood of Tor Browser, SeaMonkey and Waterfox, along with Thunderbird the popular e-mail client. That means Blink and Gecko are responsible for more than half of the Web browsers on the planet. And that makes Google and Mozilla driving forces for developing better feature sets to combat online threats.

That said, Google and Mozilla are working towards a post-XSS world by introducing a number of security features in their browsers. According to a blog post on Google Online Security Blog: Over the past two years, browser makers and security engineers from Google and other companies have collaborated on the design and implementation of several major security features to defend against common web flaws. These mechanisms, which we focus on in this post, protect against injections and offer isolation capabilities, addressing two major, long-standing sources of insecurity on the web.

The new security mechanisms include Content Security Policy based on script nonces, Cross-Origin Opener Policy, Fetch Metadata Request Headers, Trusted Types, and some more. These improvements are the hard work of many people over the course of several years, which are being implemented in Google Chrome 83 and Mozilla Firefox 79.

For instance, nonce-based Content Security Policy works by setting a random token for every page load. So, if some part of the Web page is injected by an attacker, the browser will refuse to execute the injected script since it will not present the correct nonce token. This will mitigate any server-side injection like Reflected XSS and Stored XSS. According to Google, nonce-based Content Security Policy helps mitigate exploitation of 30+ high-risk XSS vulnerabilities. And, fortunately, nonce-based Content Security Policy is supported in Google Chrome, Mozilla Firefox and all browsers based on these two browsers. Safari has partial support for nonce-based Content Security Policy, unfortunately.

When nonce-based Content Security Policy is combined with Trusted Types, they prove as battle-tested mitigation against a majority of DOM-based XSS. However, Google Chrome supports both at the time of publication while Mozilla is working towards bringing support for Trusted Types in the Firefox browser. But, unfortunately, Safari supports neither nonce-based Content Security Policy (only partially) nor Trusted Types, neglecting the need of improved security.

Similarly, the other security mechanisms listed above help mitigate many other common Web security threats, including but not limited to cross-site request forgery (CSRF) and XS-leaks a new family of Web privacy-leaking techniques. Of course, that is not all, the works done by Google and Mozilla are going to introduce stricter security for everyone browsing on the supported browsers.

Visit link:
How Google and Mozilla are helping to minimise the risk of XSS attacks - ITWeb

By Paul Hill Neowin Jan 26, 2021 13:12 EST

Tails OS 4.15 has been released today bringing with it updates for the Tor Browser, the Linux kernel and fixes for several issues including USB tethering not working with devices running iOS 14 or later. Luckily, there are no new issues introduced with this version of the privacy-oriented OS but its still affected by long-standing issues.

According to the release notes, there are no new major changes in this update outside of updated software. The only new feature is that you now have the option to press Dont Show Again on the security notification that pops up when you attempt to run Tails on a virtual machine.

This update does come with several critical software patches for things like the Tor Browser which is now on version 10.0.9 (based on Firefox 78.7), Thunderbird has been bumped to 78.6.0, and the Linux kernel now sits on version 5.9.15 bringing support for newer hardware. The new kernel update also addresses a bug that prevented iOS 14 devices from being used for tethering.

To install Tails 4.15, youll either need to follow the guide to setting up a Tails USB to perform a clean install or you can upgrade an existing Tails install. When youve booted up your Tails 4.2 or above USB and connected to the internet, you will be offered the upgrade. If you choose to update, the new version will download and begin to install. If you would like to see whats planned in future updates, check out the Tails roadmap.

View original post here:
Tails OS 4.15 released with updated Tor Browser - Neowin

The Tails project released today Tails 4.15 as a monthly maintenance release to the amnesic incognito live system based on the Debian GNU/Linux operating system and used for anonymous communications.

Synced with the stable software repositories of the Debian GNU/Linux 10 Buster operating system series, Tails 4.15 is powered by Linux kernel 5.9.15 for improved hardware support and comes with updated core applications, including the Tor Browser 10.0.9 anonymous web browser and Mozilla Thunderbird 78.6 email client.

On top of these updates, Tails 4.15 also improves support for Ledger hardware wallets in the Electrum Bitcoin wallet app, adds USB tethering support for devices running Apples iOS 14 or later to share mobile data, and clarifies the error message about the size of the USB flash drive shown when starting Tails.

Full Story

This topic does not have any threads posted yet!

You cannot post until you login.

Read the rest here:
Tails 4.15 Anonymous OS Released with Tor Browser 10.0.9 and Thunderbird 78.6 - LXer

New Years ransomware news came early this year, when various media platforms began reporting the discovery of Babuk Locker, the newest ransomware variant to target corporations by encrypting files across network-connected devices andextorting ransom payments. For those hoping to see new ground broken in ransomware technology, Babuk Locker would have come as a disappointment. The code, its execution, the ways the operators communicate with victims and the threats to the stolen data have been labeled unprofessional. This does not mean that the malware is harmless; in fact, the opposite is true.

Babuk Locker was discovered only a few days after most of the West celebrated the new year, but those behind the ransomware had already snatched up a few victims. Victims included an elevator and escalator company, an office furniture manufacturer, a car parts manufacturer, a medical testing products manufacturer and an air conditioning and heating company based in the U.S.

We can thank computer science student Chuong Dong for the analysis; Dongs work is the best resource on Babuk Locker currently available to the InfoSec community. According to Dongs analysis, while the ransomware is fairly standard in terms of what it does and how it does it, the operators have included several common tactics that made strains like Sodinokibi and Ryuk surge in terms of successful infections. Such tactics include the double extortion tactic, hyperthreading and the ability to encrypt files across a victims network. Lets look at each in turn, and how Babuk Locker implements these tactics.

This has been, perhaps, the single most dominant trend in ransomware for the past year. Last year, at about the same time, the Maze ransomware gang (who have now opted for early retirement) began threatening to release stolen data before encryption of data was executed. The threats were soon followed by the gang releasing the data via a data leak site, accessible by other threat actors via a Tor browser. This became known as the double extortion tactic, and has seen wide adoption by almost all the major ransomware gangs targeting large corporate and government networks.

The tactic became synonymous with gangs classified as human-operated ransomware gangs; the term describes ransomware operators who use manual tools to gain access to a network, and slowly increase their network privileges until they can manually execute the malwares encryption protocols for the greatest effect on the target network. The double extortion tactic is an evolution of the human-operated trend. Recently, the tactic has evolved further to include gangs hiring call centers to cold-call victims and pressure them to pay the ransom.

Based on current research, Babuk operators have not gone so far as to cold-call victims; however, they have threatened to release and have released data belonging to victims. Rather than releasing data via a dedicated leak site, the ransomwares operators posted on underground hacker forums announcing, and then releasing, data of victims who refused to pay. Babuk does have a website, but this is used to communicate with victims and negotiate ransom payments. Here, one might view the operation as amateurish, in that all victims communicate via the same text channel so that everyone can see past communication between victims and the attacker.

When ransomware was in its infancy, it tended to only encrypt files locally; that is to say, only files on the infected machine could be encrypted so that the user could not access them. In modern networks, files are shared across the network so that the business can operate. It was only a matter of time before hackers realized that these shared network resources could be encrypted, too, and could effectively halt daily operations. Large organizations like Travelex, according to reports, paid the Sodinokibi gang over $2 million USD when their network was struck in this fashion, and forced the company to suspend many of its services.

Babuk Locker ransom demand message:

Babuk is capable of targeting files across the network through the use of command-line instructions that allow the malware to search across the network for shared resources. The command can also encrypt only local files. If the attacker successfully compromises a network-connected machine with high enough administrative privileges, it can be safely assumed that the attacker will look to encrypt files across the network, as this will cause more damage. The malware uses a combination of SHA256 hashing, ChaCha8 encryption, and Elliptic-curve DiffieHellman (ECDH) key generation and exchange algorithm to protect its keys and encrypt files. This means that, barring a major mistake by the malwares developers, the encryption is solid with no apparent way to decrypt files without the decryption key. This forces victims to either pay or restore from backups. The likelihood that a free decryptor will be released anytime soon is slim.

To further complicate recovering from Baduk Locker, the malware will do several things to help speed up and smooth the encryption process. But, first, before encryption begins, the malware looks for shadow copies and deletes them. Shadow copies are used to help create restore points if something critical happens to the machine so that important data isnt lost; deleting these makes recovery harder for those impacted by a Baduk attack. The malware will also terminate services that prevent file manipulation or alterations, including services associated with security suites that may prevent the malware from doing what it is intended to do.

The list of services targeted includes: vss, sql, svc$, memtas, mepocs, sophos, veeam, backup, GxVss, GxBlr, GxFWD, GxCVD, GxCIMgr, DefWatch, ccEvtMgr, ccSetMgr, SavRoam, RTVscan, QBFCService, QBIDPService, Intuit.QuickBooks.FCS, QBCFMonitorService, YooBackup, YooIT, zhudongfangyu, sophos, stc_raw_agent, VSNAPVSS, VeeamTransportSvc, VeeamDeploymentService, VeeamNFSSvc, veeam, PDVFSService, BackupExecVSSProvider, BackupExecAgentAccelerator, BackupExecAgentBrowser, BackupExecDiveciMediaService, BackupExecJobEngine, BackupExecManagementService, BackupExecRPCService, AcrSch2Svc, AcronisAgent, CASAD2DWebSvc, CAARCUpdateSvc.

Files encrypted by Babuk Locker:

Lastly, if files are in use, they cannot be encrypted not ideal for an attacker looking to encrypt as much as possible to guarantee that daily operations are stopped. To do this, Baduk Locker will terminate running processes that are used to run certain file types that businesses and government organizations rely on.

The processes terminated include: sql.exe, oracle.exe, ocssd.exe, dbsnmp.exe, synctime.exe, agntsvc.exe, isqlplussvc.exe, xfssvccon.exe, mydesktopservice.exe, ocautoupds.exe, encsvc.exe, firefox.exe, tbirdconfig.exe, mydesktopqos.exe, ocomm.exe, dbeng50.exe, sqbcoreservice.exe, excel.exe, infopath.exe, msaccess.exe, mspub.exe, onenote.exe, outlook.exe, powerpnt.exe, steam.exe, thebat.exe, thunderbird.exe, visio.exe, winword.exe, wordpad.exe, notepad.exe.

The act of encrypting files is a noisy affair, and when done en masse, its a key indication that something is wrong. Ransomware operators know this, and often choose to encrypt data when the business is quiet, slow or closed for the day. This is done in the hopes that no one is working; no one will notice and shut down the servers if something appears wrong. This information is gained by compromising the network days or weeks in advance of the attack and encryption process. This is one of the reasons why the final phase of the attack is usually done over weekends, and often in the early hours of the morning.

Other than relying on early hours best left for sleep, hackers have several tricks to make the encryption process go off smoothly. The speed at which files can be encrypted is an advantage, and to achieve this, hackers will abuse a machines hyperthreading capability. Modern CPUs have several cores stacked on top of one another to make processing faster. Each core acts like its own mini processor; the more you have the more tasks can be processed simultaneously. Hackers will use the CPUs hyperthreading ability to encrypt files faster. In practice, hyperthreading, when abused by hackers, is done to process various types of data. That which is easily encrypted is done on one thread, while larger, more complex data is sent to another thread for encryption. This drastically improves encryption efficiency, and reduces the overall time taken.

Babuk takes advantage of hyperthreading by first evaluating the number of CPU cores on the victims machine. Then, it creates a data structure to handle the threads. Dong points out that this method has several flaws, stating,

The first problem with this approach has to do with threads concurrency in an OS. A huge amount of threads can potentially be created for each process. However, in an ideal situation, its better to have one thread running per processor to avoid having threads competing with each other for the processors time and resource during encryption.However, that, by itself, is not that big of a problem if the author implemented a queue-like structure to process encrypting requests to utilize 100% of the victims processing power. Unfortunately, they decided to only spawn one encrypting thread per existing drive.

As theres likely to be more drives than threads created by the malware, Babuk cannot create as many threads as needed to speedily encrypt the targeted data. The malware then reverts to older, less efficient means of traversing through folders to encrypt data. If the malware can create the required number of threads to match the number of drives on the victims machine, the encryption will be a more efficient affair. Researchers will be quick to point out this flaw; however, for those already a victim of Babuk Locker, such discussions will be of little comfort.

Babuk Locker has already proved capable of creating corporate victims, and ransom demands have topped $80,000 USD. This amount is smaller than the take from some of the worlds most dangerous ransomware gangs, but it is not insignificant. While it can be successfully argued that the current version of Babuk Locker is not as efficientand well-coded as other ransomware examples, it still poses a clear danger to business and government networks.

Recent Articles By Author

Read the rest here:
Babuk Locker: Mediocre, But Gets the Job Done - Security Boulevard

Recently, following a change to Whatsapps privacy policy, hundreds of thousands of people from all over the world left for other services. Signal, an encrypted messenger service, saw so many sign-ups that it temporarily crashed.

This was followed by a mass exodus from social media, as Twitter and Facebook became embroiled in a debate on free speech and censorship, a chain of events that may signal a shift in how users value privacy.

Rachel-Rose OLeary is a coder and writer at Dark Renaissance Technologies. She was a tech writer for CoinDesk from 2017 to 2018, covering privacy tech and Ethereum. She has a background in digital art and philosophy, and has been writing about crypto since 2015. The views expressed in this article are her own and do not necessarily reflect those of the publication.

Related: The Future of Money in the Multiverse

Riccardo Spangi or fluffypony, the former lead maintainer of privacy-centric cryptocurrency monero, called this a watershed moment for privacy. People are realizing that you dont get privacy just handed to you. You have to stand up and take it, he told CoinDesk.

For years, topics including anonymity, censorship resistance and decentralization were the purview of political extremists. Armed with a pessimistic, even paranoid outlook, the forefathers of cryptocurrency engineered tools, like Bitcoin, for a world where civilization had fallen.

But now, spurred on by an information crisis and compounding global unrest, privacy has entered popular consciousness.

As on the popular consumer-facing apps such as Signal, activity on the encrypted anonymous internet, the darknet, is on the rise. While its hard to estimate usage due to its anonymity benefits, Tor Browser was downloaded 10% more on average this January than last year. In the past 12 months, the number of hidden websites has increased 180%.

Related: Money Reimagined: Letter to President Biden

Story continues

This rising popularity could be driving an increase in monero transactions. In December, darknet market Whitehouse reportedly announced it would no longer accept bitcoin payments, strengthening moneros foothold as the cryptocurrency of choice for the darknet.

See also: Steven Waterhouse The Pandemic Turbocharged Online Privacy Concerns

In fact, despite being delisted from exchanges Shapeshift and Bittrex, moneros price has steadily grown 140% in the past year, while its daily transactions have increased by a staggering 290%. Zcash has likewise increased nearly 70% in price.

All of this is to say theres a growing demand for privacy. Whats more, the privacy scene has never been more prepared for an influx of users.

Privacy has always been a core value of the crypto-anarchist philosophy. Bitcoin itself was designed to be pseudonymous, but its privacy-protecting features are insufficient to protect users from blockchain analysis.

In the past 10 years, fully anonymous cryptocurrency has emerged as a Holy Grail of blockchain research. Millions in research dollars have been committed, though until recently no purely private cryptos emerged without substantial trade-offs to scalability and decentralization.

Several small, incremental achievements are beginning to come to fruition. Litecoin is testing a potential privacy upgrade, Mimblewimble. Privacy coin Firo, previously named Zcoin, is pioneering new cryptographic research with its recent release of Lelantus.

Meanwhile, earlier this month, Zcash announced its plan to implement Halo 2, a groundbreaking upgrade that will allow the cryptocurrency to add new assets to its base layer, such as an anonymous stablecoin or wrapped versions of other cryptocurrencies while Monero is also building toward a multi-chain paradigm, specifically with privacy implications for Bitcoin through atomic swaps.

Further, while Moneros ring signatures reduce its anonymity, a new upgrade called TRIPTYCH will make this privacy leakage less of a concern.

Bitcoin, too, will see privacy-protecting enhancements with the long-anticipated rollout of its Taproot upgrade. When activated, Taproot will allow smart contracts written in the Bitcoin scripting language to appear like normal transactions, so more complex code can populate the blockchain undetected.

Its not just traditional cryptocurrencies that are undergoing a renaissance. Privacy apps are proliferating on decentralized finance (DeFi) while private smart contract platforms like Secret Network and Aleo are enabling general purpose, programmable privacy.

Can the state withstand a full-blown Bitcoin offensive?

All of these advancements are made possible by significant improvements in privacy tech, especially zero-knowledge cryptography. Having authored the first privacy-oriented Bitcoin wallet in 2013, Amir Taaki has been working on anonymity tech in crypto for nearly 10 years.

Zero-knowledge is probably the biggest breakthrough in cryptocurrency since the invention of Bitcoin itself. It enables an entire new class of privacy applications that previously couldnt exist before, he said.

Advances in privacy tech have the potential to revolutionize not just cryptocurrency, but all aspects of how we interact with the web. The internet is currently dominated by data harvesting and surveillance. In exchange for using a service, user data is collected by companies for increasingly surreal purposes, such as behavior prediction and control.

By offering a new economic vision for technology, the cryptocurrency ecosystem has the potential to challenge this paradigm. Mixnet provider Nym Technologies is working in this direction, offering privacy-friendly applications the ability to monetize their services.

Still, these new vistas will not be without their challenges. For the last year, crypto has been awash with rumors and headlines foretelling an impending regulatory crackdown.

In an interview that coincided with her statement that the European Central Bank (ECB) will release its own digital currency the digital euro within the next five years, ECB President Christine Lagarde called for global bitcoin regulation. Separately, U.S. Treasury Secretary nominee Janet Yellen said that cryptocurrencies are a particular concern for terrorism financing, and stated the need to curtail their use.

Both the U.S. and European Union formerly a privacy stronghold have also floated rules that threaten end-to-end encryption and privately held crypto addresses.

See also: Proposed Crypto Wallet Rule Among Those Frozen by Biden Pending Review

If there was ever a need for strong, unhackable, privacy-preserving tools to be built, its now.

Regulatory pressure may have an unintended consequence by making privacy-preserving cryptocurrencies more attractive. In a scenario where crypto is banned, crypto will merely go underground, where it had its beginnings.

A nightmare scenario for an industry overrun by bankers, such a grim regulatory outlook is widely dismissed as FUD. Not only would this cripple the emerging cryptocurrency ecosystem financially, but it would severely damage its core value propositions: openness, accessibility, being permissionless.

Still, perhaps in anticipation of regulatory crackdowns, Bitcoiners are adopting an increasingly militant rhetoric. Rumors of an impending privacy war have been circulating on Twitter, with cryptocurrency advocates volunteering themselves for the front line.

According to Taaki, such a confrontation is effectively preprogrammed.

I dont see a resolution between an emerging cryptocurrency industry and the state-backed fiat system, he said, These things are [at] loggerheads, and using anonymity to shield participants in a network is of vital importance to our success as a movement.

See also: Michael Casey A World Where Privacy and Saving Lives Can Coexist

The developer of privacy-focused Bitcoin wallet Wasabi, Max Hillebrand, said he is confident Bitcoins users will step up to the challenge. Armed with advanced technology and an ideology capable of carrying its followers to the barricades, he wondered:

Can the state withstand a full-blown Bitcoin offensive?

See more here:
We Have Entered the Age of Anonymous Crypto - Yahoo Finance

Cryptocurrency is progressively reshaping the online gambling industry. According to Statista, online gambling market is expected to be worth over $94 billion by the year 2024. This exponential growth is mainly attributed to the players ability to remain anonymous. Torpoker is a web-based poker gaming site which accepts Bitcoin currency.

Security is always the top most concern when dealing with any kind of online financial transaction and online gambling is no different. Torpoker uses PYQT5 open-source development framework to design its GUI and due to its known compatibility, it makes Torpoker support all popular operating system environments. The open-source software means that users can trust the platform and that the code is thoroughly tested and the patch management is efficient.

Furthermore, Torpoker chooses to disable JavaScript in the web application. Although JavaScript is widely used to extend functionality in web applications, it also posses a major security concern on the client side. JavaScript snippets are usually accessible to the user making it vulnerable to exploits with malicious intent. Moreover, JavaScript has a history of lack of proper web browser support since it is interpreted differently by different browsers which may cause unpredictability especially on the client-side.

Online Bitcoin casinos offer a higher degree of security since personal details are not required in order to perform transactions such as transfer of bitcoin, chances of malicious actors gaining access to personal sensitive data is drastically reduced. Moreover, Bitcoin transactions go through security layers which involve multiple verifications and several layers of encryption which protect the whole process. All these security measures contribute the overall reduction of a malicious attack surface

Torpoker is able to guarantee optimum privacy with the only requirement being a unique one-off address for transactions. The complete hashing of all wallet IDs and their corresponding transactional IDs allows for pseudo-anonymity among all user-user transactions. Hence, all Bitcoin transactions are completely anonymous and secure. Moreover, players have an assurance of transparency since all transactions are routed to a public ledger offering an additional layer of protection. Additionally, it is advisable to use the web application in tor browser which encrypts data through the network of relay nodes

In order for players to access their wallets securely, it is always recommended to access them only through trusted private networks since the private keys mostly use cloud storage. Once the wallets are securely accessed then Bitcoin transactions can made through the address provided by Torpoker. This means that users may be the weakest link since poor storage of wallets or dubious cryptocurrency exchanges may cause unauthorized access which may result in a loss of coins. Most security breaches associated to Bitcoin and other cryptocurrencies happen mostly on cryptocurrency exchanges and not necessarily of gambling sites which makes Torpoker incredibly secure. Torpoker offers even more security by providing dedicated private servers for rent which gives the players the ultimate control over privacy and security.

Go here to see the original:
The safest place to play poker - - VENTS Magazine

Lionsgate has released a trailer for its upcoming film Silk Road, based on the darknet marketplace of the same name and we are more excited to watch it than we expected.

Simply titled Silk Road the film appears to be a mix of acting and real-life news clips telling the story of the marketplace from inception to its closure by the FBI in 2013.

Check out the trailer below.

The film stars Nick Robinson (Boardwalk Empire, Jurassic World) as the founder of Silk Road, better known as Dread Pirate Roberts and Jason Clarke (Everest, Terminator Genisys) as Rick Bowden who plays a disgraced DEA agent. Clarkes character appears to be fictional as we can find no reference to an agent of the same name in reports about Silk Road.

While Silk Road became synonymous with drugs, it also brought Bitcoin and the Tor browser into the public conversation. Unfortunately for Bitcoin, its use by Silk Road patrons gave it the reputation that the cryptocurrency was used by criminals. Thankfully that reputation seems to have disappeared in recent years.

But were more interested in the story about how Ulbricht was caught which this film appears to address. We dont want to spoil anything but one of the reasons will have to smacking your forehead in disbelief.

While Ulbricht is currently serving two life sentences without the possibility of parole, his website left an indelible mark on the world and to this day you can still find ways to buy things online that you shouldnt be able to buy.

Silk Road will release in theatres and everywhere you rent movies on 19th February.

Originally posted here:
Were itching to watch the Silk Road movie next month - htxt.africa

Digital privacy is hard work. But now that there is a conversation around it, sparked by the latest WhatsApp policy and terms and conditions that have spooked users, it is a good time to talk about it. By its very nature, the internet is something of an open medium. Over the years, some blinds have been draped over it, doors and windows that can be closed have been created, but still more or less it is an open medium that leaks information. A lot of it is also by design. Tech companies like Google, Facebook, Amazon, even Apple up to an extent, have it in their interest to collect user data. And the more data they can collect, the better it is for them.

Given the nature of the web and connected devices, the only way to be sure of not leaking your private data or identity on the web is to cut the cord. In other words, go incommunicado. Take a hammer, smash all your digital devices, then pick a tin-foil hat, place it on your head and move to deep in hills and woods.

Unfortunately, that is not an option. Unless you are a sanyasi (hermit), and nowadays even sanyasis use smartphones.

So, what do you do? How do you remain connected, keep using various digital services and still maintain some level of privacy and keep your data somewhat safe from the tech companies that want to serve you personalised ads, governments and authorities that want to watch your every move, and political parties that want you tracked because you vote? It is difficult, but not impossible.

Uninstalling WhatsApp, which is clearly in the business of tracking users through metadata, and using something like Signal is a good first step. But it is hardly going to make a difference when it comes to your digital privacy. In fact, WhatsApp is one of the better guys when it comes to collecting user data. Some apps are much much worse than it, apps that you use daily.

Consider this: Almost every app that you use tracks you. Apps want your location data, even apps like a notepad. They want to see how long you are using an app, with who you are talking to, who all are in your contacts, what sort of photos are there in your gallery, at what time you use your phone, where you go, and they do it every time you give them permission. An app will ask for GPS permission because it wants to show you local weather. But once it has permission to GPS, it will misuse it. Sure, it will show you local weather, but will also track your location.

There are a few essential steps you can take.

Be careful of apps

1- You should get rid of any app that you dont need. As in not need badly. And this is for the phone apps as well and the laptop or desktop apps. For example, deleting WhatsApp will not help you much unless you also delete Facebook and delete Instagram. In fact, get rid of all the non-essential apps. If you can live without an app, dont install it. Those Beauty Selfie apps? Dont install them. Those ten payment apps? Maybe install just one. All the video and photo-editing apps? Get rid of the ones you dont use.

Basically, be extremely choosy in the apps that you install on your phone.

2- A lot of times you dont need to use an app. You can use a website. It is always safer and more private to use a website to access a service. This is the reason why companies want you to use an app. They get more data this way. This is why many services like to lure users in installing apps by offering app-only discounts or cashbacks.

3- When you use an app, give it permissions that are absolutely necessary. If a selfie app is asking GPS access, dont give it. If Swiggy or Zomato ask for location info, dont give access to GPS. Just manually add the address. Android and iOS now have the option to give access to apps only when they are in use. Choose this option wherever you can. For example: Why should Google Maps have GPS access all the time. It needs GPS information when it is in use when you have opened it. So give it limited access.

Be careful while web browsing

4- apps are just one part of the story. A lot of data is leaked through web browsing, and you have to be very careful with it. There are a number of steps you can take to keep web browsing relatively private:

Avoid Chrome. Chrome is a data hog. In fact, this Google browser arguably collects more data than any other app. Instead you can choose yo use Firefox. And use Firefox with tweaked settings. Tell Firefox not to remember your browsing history. Tell it to deny access to third-party cookies. Tell it to use HTTPS Over DNS, which will help you avoid prying eyes of your internet service provider.

Get into the habit of logging out of websites. For example, if you log into Facebook and then in the same browser you also do your rest of the web browsing, well Facebook is tracking you. Across the pages. It is done through the code Facebook puts on websites through its network. Google too is doing the same and when you have Gmail open, all the web browsing you do in that web browser is tracked. So, what is the way out? Use a different browser. Maybe you can keep Gmail open in Chrome, but do rest of your web browsing in Firefox or Safari or Edge. It means more work for you and its convenient to keep switching between browsers, but you avoid the tracking cookies of Facebook or Google in this way.

You have to understand this nice and proper: To avoid getting tracked by Google and Facebook ad networks on the web, you must not do web browsing when you are logged into any Google or Facebook service. And no, just closing the tab on which you had Gmail or Google Search will not do. You must log out. In fact, in some cases you must log out twice.

Dont give web pages access to location data. Disable their access to installed programs (defaults).

If you are using Firefox, use it with NoScript. This will break some functionality on web pages, but it will also disable a lot of click tracking, or digital fingerprinting that websites use to collect user data. When you need the full functionality of a website, you can temporarily allow that webpage in NoScript.

You can avoid websites that track you. For example, you can use DuckDuckGo instead of Google to search stuff. You can store photos locally, instead of uploading them to Flickr or Google Photos.

Digital privacy is hard work. This is because you are fighting a battle against some very smart people, and some very big companies that are interested in your data. And you are not just fighting this battle, but you are also fighting your own nature that tech companies exploit. We seek convenience. It is convenient to stay logged into Gmail so that when you open Chrome next morning you dont have to go the through remember-the-password-and-login routine again. But it is also how you leak your data. It is convenient to browse the web without NoScript, but you also leak more data that way. It is convenient to use an app instead of the Amazon website to shop but you also give more user data in an app.

Trying to maintain some level of privacy means making a few tough and inconvenient choices. It means switching between browsers while browsing, it means logging out often, it means giving apps manual permission every time you use them, it means not installing apps that you dont need, it means not uploading photos that show how you looked 20 years ago.

What if you need even more privacy. What do you? There are a few options, it all depends on how much privacy you need.

For seven better privacy, you can use a good VPN. A VPN can mask your actual location and can make digital fingerprinting harder. This is the reason a lot of websites hate VPNs. Even Google Search freaks out when users are on VPN and forces CAPTCHAS on them. It is as if the idea is to make VPNs inconvenient, and Google Search freaking out at VPN users is one good reason to use VPNs.

If you can, move to an iPhone. Now, Apple does track its users but it does so for some of its own specific purposes. It doesnt serve advertisements, and it collects far less information than Google does from Android. Apple is also harder on apps, including apps like Facebook. It wants apps to explicitly explain to users why they need access to something, and iOS allows users to control apps behaviour in a better way.

Although it is not practical, you can use TOR browser for complete anonymity while browsing. Though your browsing experience with TOR will become slow, and some websites will freak out when they cant figure out your IP and location etc. Like we said, privacy comes at the cost of convenience.

What if you need even more privacy? All right, in this case first of all you should get rid of your phone. If you cant do without a phone, then maybe move to a feature phone.

As for connecting to the web is concerned, you can move to something like TAILS, a Linux distro that boots from a USB and is created with the sole purpose of anonymous web browsing. Although if your aim is just to avoid advertisers, TAILS is an overkill.

More here:
Care about privacy? Don't just uninstall WhatsApp, here is what you need to do for private digital life - India Today